File catalogue-77(1).zip

Size 73.9KB
Type Zip archive data, at least v2.0 to extract, compression method=deflate
MD5 1e1265d35c4534067cfe1c91f5e9eab4
SHA1 636bbd7b9f399430dc90981ce9de57f1bb8658c9
SHA256 a35dac6b20e8e3233a7f11cb49cce33c118a20d0cf9fb4f54640094621a2e125
SHA512 650c8249747621dc7957fef9f4d4e22a6ce27b536b6b1fb4872a8409331c57b1c0a109cfbc1d92db781845841c632e78cbffd955402e1eb918eecb375ef082d8
CRC32 1752AD88
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category Started Completed Duration Routing
FILE March 22, 2025, 4:05 a.m. March 22, 2025, 4:05 a.m. 25 seconds internet

Analyzer Log

2025-03-22 04:04:57,004 [root] DEBUG: Starting analyzer from: /tmp/tmpYgXves
2025-03-22 04:04:57,004 [root] DEBUG: Storing results at: /tmp/EDETyelG
2025-03-22 04:04:57,006 [root] ERROR: Traceback (most recent call last):
  File "/tmp/tmpYgXves/analyzer.py", line 340, in <module>
    success = analyzer.run()
  File "/tmp/tmpYgXves/analyzer.py", line 129, in run
    self.config.file_name, **kwargs)
  File "/tmp/tmpYgXves/lib/core/packages.py", line 42, in choose_package_class
    "exist.".format(name))
Exception: Unable to import package "7z": it does not exist.

Cuckoo Log

2025-03-22 04:05:12,994 [cuckoo.core.scheduler] INFO: Task #6144550: acquired machine Ubuntu1904x643 (label=Ubuntu1904x643)
2025-03-22 04:05:12,995 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.103 for task #6144550
2025-03-22 04:05:13,321 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1851166 (interface=vboxnet0, host=192.168.168.103)
2025-03-22 04:05:13,325 [androguard.apk] WARNING: Missing AndroidManifest.xml. Is this an APK file?
2025-03-22 04:05:13,352 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x643
2025-03-22 04:05:13,882 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x643 to Snapshot
2025-03-22 04:05:20,538 [cuckoo.core.guest] INFO: Starting analysis #6144550 on guest (id=Ubuntu1904x643, ip=192.168.168.103)
2025-03-22 04:05:21,544 [cuckoo.core.guest] DEBUG: Ubuntu1904x643: not ready yet
2025-03-22 04:05:26,567 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x643, ip=192.168.168.103)
2025-03-22 04:05:26,594 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x643, ip=192.168.168.103, monitor=latest, size=73219)
2025-03-22 04:05:26,815 [cuckoo.core.resultserver] DEBUG: Task #6144550: live log analysis.log initialized.
2025-03-22 04:05:29,710 [cuckoo.core.guest] INFO: Ubuntu1904x643: analysis completed successfully
2025-03-22 04:05:29,723 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-03-22 04:05:29,747 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-03-22 04:05:30,664 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x643 to path /srv/cuckoo/cwd/storage/analyses/6144550/memory.dmp
2025-03-22 04:05:30,666 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x643
2025-03-22 04:05:38,215 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.103 for task #6144550
2025-03-22 04:05:38,513 [cuckoo.core.scheduler] DEBUG: Released database task #6144550
2025-03-22 04:05:38,530 [cuckoo.core.scheduler] INFO: Task #6144550: analysis procedure completed

Signatures

File has been identified by 9 AntiVirus engines on IRMA as malicious (9 events)
G Data Antivirus (Windows) Virus: Formulas.Vita.13 (Engine A)
Avast Core Security (Linux) Script:SNH-gen [Drp]
Trellix (Linux) X97M/Downloader.hk trojan
WithSecure (Linux) Malware.XF/XAgent.A
eScan Antivirus (Linux) Formulas.Vita.13(DB)
ESET Security (Windows) DOC/TrojanDownloader.Agent.CWN trojan
Sophos Anti-Virus (Linux) Mal/Generic-S
Bitdefender Antivirus (Linux) Formulas.Vita.13
Emsisoft Commandline Scanner (Windows) Formulas.Vita.13 (B)
File has been identified by 22 AntiVirus engines on VirusTotal as malicious (22 events)
McAfee X97M/Downloader.hk
BitDefender Trojan.Vita.13
Arcabit Trojan.Vita.13
Cyren XLSM/Sneaky.T.gen!Camelot
ESET-NOD32 DOC/TrojanDownloader.Agent.CWN
Avast SNH:Script [Dropper]
Kaspersky HEUR:Trojan-Downloader.MSOffice.ZLoader.gen
MicroWorld-eScan Trojan.Vita.13
Emsisoft Trojan.Vita.13 (B)
McAfee-GW-Edition X97M/Downloader.hk
FireEye Trojan.Vita.13
Ikarus Trojan.Office.Doc
Avira XF/XAgent.A
MAX malware (ai score=80)
Microsoft TrojanDownloader:O97M/Ursnif.RVA!MTB
GData Trojan.Vita.13
AhnLab-V3 XLS/Agent
Zoner Probably Heur.W97ShellM
Tencent Trojan.Win32.Macro40.11000270
Fortinet MSExcel/Sneaky.T!tr
AVG SNH:Script [Dropper]
Qihoo-360 macro.office.07defname.gen

Screenshots

No screenshots available.

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action VT Location
No hosts contacted.